Debian Linux vulnerabilities

CVE-2023-28466 [HIGH] CWE-476 CVE-2023-28466: do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, le do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

CVE-2023-27530 [HIGH] CWE-400 CVE-2023-27530: A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multi A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.

CVE-2023-27522 [HIGH] CWE-444 CVE-2023-27522: HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.

CVE-2023-1161 [HIGH] CWE-120 CVE-2023-1161: ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denia ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file

CVE-2023-0330 [MEDIUM] CWE-121 CVE-2023-0330: A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy p A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.

CVE-2023-27561 [HIGH] CVE-2023-27561: runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libc runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.

CVE-2023-26604 [HIGH] CWE-269 CVE-2023-26604: systemd before 247 does not adequately block local privilege escalation for some Sudo configurations systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when ru

CVE-2023-25221 [HIGH] CWE-787 CVE-2023-25221: Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatia Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.

CVE-2023-24755 [MEDIUM] CWE-476 CVE-2023-24755: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fal libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24754 [MEDIUM] CWE-476 CVE-2023-24754: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pr libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24757 [MEDIUM] CWE-476 CVE-2023-24757: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_ libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24752 [MEDIUM] CWE-476 CVE-2023-24752: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_p libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24758 [MEDIUM] CWE-476 CVE-2023-24758: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pr libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24751 [MEDIUM] CWE-476 CVE-2023-24751: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at m libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24756 [MEDIUM] CWE-476 CVE-2023-24756: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_ libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-27372 [CRITICAL] CWE-502 CVE-2023-27372: SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serializat SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

CVE-2023-26545 [MEDIUM] CWE-415 CVE-2023-26545: In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation f In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

CVE-2023-23920 [MEDIUM] CWE-426 CVE-2023-23920: An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

CVE-2023-23916 [MEDIUM] CWE-770 CVE-2023-23916: An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemente

CVE-2023-26314 [HIGH] CVE-2023-26314: The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the ap The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.